New inapp config options and long-TLD cross-subdomain support

• new Mixpanel config option inapp_link_new_window controls whether links in inapp notifications will open in a new window/tab (defaults to false)
• new Mixpanel config option inapp_protocol takes precedence over built-in protocol-agnostic resource links (for instance loading https://example.com/image.png rather than //example.com/image.png)
• cross-subdomain tracking now works for TLDs with more than 6 characters, like .company

Example usage of new configuration options:

mixpanel.init('<MY-TOKEN>', {
  inapp_link_new_window: true,
  inapp_protocol: 'https://',
});

GDPR and ID management updates

• Fix minification issue with DoNotTrack browser setting
• Pass flag to backend indicating when $distinct_id might have been set to a pre-existing $distinct_id value instead of a generated UUID (used when resolving aliases)

Updates to GDPR `opt_out_tracking_by_default` behavior

• Change the behavior of opt_out_tracking_by_default to no longer override any existing opt status when the user has an opt-in cookie. It also no longer clears persistence when set to true.
• Create a new param called opt_out_persistence_by_default which will determine whether SDK persistence is turned off during initialization

Time and identity management updates

• time prop is now set automatically with all events, recording UTC timestamp (in seconds) as the client (browser) sees it. The automatic value can be overridden by setting the time prop explicitly in tracking calls.
• $user_id and $device_id superprops are set as part of identify/reset flows. This allows finer-grained identity management around linking anonymous, logged-in, and logged-out behavior. New additional behavior is as follows:
  • If the distinct_id is not stored in the persistence (cookie/localStorage) at the time of mixpanel.init() then the lib will set a field $device_id which will be the same as the distinct_id generated using UUID.
  • When identify() is called, $user_id will be set in the persistence to the value passed to the identify() call. For example, if you call mixpanel.identify('pat@example.com'), $user_id will be set to "pat@example.com".
  • If any of those fields ($device_id and $user_id) is set in the persistence, all events and property updates will have those fields added in addition to your properties.

GDPR bugfix

Ensure GDPR cookies are always cleared when possible

GDPR bugfix

Bugfix for previous patch

GDPR localStorage

Allow GDPR utils to use localStorage instead of cookies

Config option for extra request headers

Set option xhr_headers to pass extra headers with each request (for instance, to authenticate through a proxy):

mixpanel.init('MY-TOKEN', {
  xhr_headers: {
    'X-Foo': 'Bar',
    'X-Baz': 'Qux',
  },
});

GDPR improvements

• Add cookie_prefix option to GDPR opt-out utils, allowing customization of cookie name
• Automatically delete user profile and charge data on GDPR opt-out (if specified)

GDPR opt in/out utility methods

Add set of opt in/out utility methods in preparation for GDPR See https://mixpanel.com/help/reference/javascript-full-api-reference for details